Cyberyoddha Data Store 2 write-up

Hello guys, this is Eddie_Mora from CRISIS Team. In this article, I will give a write-up about a web challenge I solved when playing Cyberyoddha CTF.

The CTF was for newbies, so all the challenges were very easy, but I will explain one about SQL injection!

The challenge was named “Data Store 2”, worth 225 points!

The objective was to bypass this login panel, so the first thing to do is to check the page source, but there was nothing interesting…

Then let's analyse the behaviour of the login function with Burp Suite.

So basically, when using random credentials, it gives “Ivalide Cred, please try again”.

So let's check for SQLi: we will test the inputs one by one to see if there is any change in the error given!

So when checking the first parameter [username=tst0'&password=tst1], nothing happened! But when I tested the second one, I got this:

Interesting, it shows a different error, which is good!

And due to the non-existence of any logical error that can help us craft our payload, I will use a common one: tst' OR 1=1 -- '

After using the payload, I succeeded in logging in and got redirected to a page called /secret.

I saw no flag here, so I followed the redirection in the browser and bingo!
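Why a quote in the second parameter changed the error and why the common payload logs in, as an added example that is not part of the original write-up or the challenge's code. It assumes a backend that concatenates the password into the SQL text, uses SQLite as a stand-in for the unknown database, and the table, rows and function names are made up for illustration; the parameterized version beside it is the fix.

```python
import sqlite3

def make_db():
    # Constructed sample data; the challenge's real schema is not in the write-up.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-password')")
    return db

def login_concat(db, username, password):
    """Assumed vulnerable pattern: password is concatenated into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = ? "
           "AND password = '" + password + "'")
    try:
        return db.execute(sql, (username,)).fetchone() is not None, None
    except sqlite3.Error as exc:
        # A stray quote breaks the statement, which is what surfaces to the
        # client as a "different error" from the normal invalid-credentials one.
        return False, str(exc)

def login_param(db, username, password):
    """Fix: both values are bound as data and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None, None

if __name__ == "__main__":
    db = make_db()
    attempts = [
        ("tst0", "tst1"),              # wrong credentials
        ("tst0", "tst1'"),             # lone quote in the second parameter
        ("tst0", "tst' OR 1=1 -- '"),  # payload quoted in the write-up
        ("admin", "constructed-password"),
    ]
    for user, pw in attempts:
        print(f"{pw!r:24} concat={login_concat(db, user, pw)} "
              f"param={login_param(db, user, pw)}")
```

In the concatenated query AND binds tighter than OR, so the WHERE clause becomes (username match AND password = 'tst') OR 1=1 and matches every row. With bound parameters the same string is compared as a literal password and the login fails.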




The best puzzles are not meant to be solved{}
